Dedicated Server - One Public IP for all VMs

Muwan

Oct 12, 2017
Hello,

I have a dedicated server at Hetzner with one public IP and want to get the following setup:

Use the public IP for every Windows Server VM I set up
Being able to have an internet connection on all VMs
Being able to RDP to all VMs with IP:PORT

I spent the day reading and tried different things without success. These are my interfaces:

source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback

iface lo inet6 loopback

auto eth0
iface eth0 inet static
address 144.xx.xx.55
netmask 255.255.255.224
gateway 144.xx.xx.33
up route add -net 144.xx.xx.32 netmask 255.255.255.224 gw 144.xx.xx.33 dev eth0

iface eth0 inet6 static
address 2a01:xxx:xxx:xxx::x
netmask 64
gateway fe80::1

auto vmbr0
iface vmbr0 inet static
address 144.xx.xx.55
netmask 255.255.255.224
bridge_ports none
bridge_stp off
bridge_fd 0
bridge_maxwait 0

# /etc/network/interfaces:
auto vmbr2
iface vmbr2 inet static
address 10.21.21.254
netmask 255.255.255.0
bridge_ports none
bridge_stp off
bridge_fd 0
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '10.21.21.0/24' -o vmbr0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '10.21.21.0/24' -o vmbr0 -j MASQUERADE
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 2222 -j DNAT --to 10.21.21.5:3389
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 2222 -j DNAT --to 10.21.21.5:3389

eth0 was added by default with the public IP and gateway/netmask during the install from Hetzner.
I added vmbr0 using my public IP and the netmask provided by Hetzner, then I added vmbr2 as shown above to forward port 3389 to 2222.

I used vmbr2 as the network for my VM.

In my Windows VM I used 10.21.21.2 as the IP and 10.21.21.1 as the gateway, but I also tried using the gateway from Hetzner without success.

I hope someone can point me in the right direction on how to set up that whole thing.

Thanks
 
Hi @Muwan,

I also have a dedicated server at Hetzner and I'm also using the main machine as a router for those VMs with local IPs (10.20.30.x). I have another 4 public IPs assigned, but they are used only for my main VMs. Anyway, here is my conf so you can compare it with your current conf and see the differences ;).

I have two entries in /etc/sysctl.conf to allow forwarding:
Code:
$ grep -e '^[^#/s]' /etc/sysctl.conf
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1

This is my /etc/network/interfaces:
Code:
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
        address  144.xxx.yyy.29
        netmask  255.255.255.255
        gateway  144.xxx.yyy.25
        pointopoint   144.xxx.yyy.25

iface eth0 inet6 static
  address 2a01:xxxx:yyyy:zzzz::2
  netmask 128
  gateway fe80::1

auto vmbr0
iface vmbr0 inet static
        address  144.xxx.yyy.29
        netmask  255.255.255.255
        bridge_ports none
        bridge_stp off
        bridge_fd 0
        up ip route add 144.xxx.yyy.20/32 dev vmbr0
        up ip route add 144.xxx.yyy.48/32 dev vmbr0
        up ip route add 144.xxx.yyy.49/32 dev vmbr0
        up ip route add 144.xxx.yyy.50/32 dev vmbr0

iface vmbr0 inet6 static
        address 2a01:xxxx:yyyy:zzzz::2
        netmask 64

auto vmbr1
iface vmbr1 inet static
        address  10.20.30.1
        netmask  255.255.255.0
        bridge_ports none
        bridge_stp off
        bridge_fd 0
        post-up iptables -t nat -A POSTROUTING -s '10.20.30.0/24' -o eth0 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '10.20.30.0/24' -o eth0 -j MASQUERADE

And I'm using CSF (ConfigServer Security & Firewall) to configure the iptables rules, but these are the rules used on the NAT table (in the example I'm forwarding requests to my main IP 144.xxx.yyy.29 on port 63389 to 10.20.30.50 port 3389).

Code:
# iptables -S -t nat
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-A PREROUTING -d 144.xxx.yyy.29/32 -i eth0 -p tcp -m tcp --dport 63389 -j DNAT --to-destination 10.20.30.50:3389
-A POSTROUTING -d 10.20.30.50/32 -o eth0 -p tcp -j SNAT --to-source 144.xxx.yyy.29
-A POSTROUTING -s 10.20.30.0/24 -o eth0 -j MASQUERADE

On the Windows VM, I've configured it as follows:
Code:
IP: 10.20.30.50
Netmask: 255.255.255.0
Gateway: 10.20.30.1
DNS (Using the Hetzner ones): 213.133.98.98   213.133.99.99   213.133.100.100

This conf works pretty well on a Hetzner dedicated server.

I hope this helps.

Cheers,
sahsanu
 
Hi. I have a problem accessing the VM from RDC. What should I do if I want the VM to be accessed with RDC ... I also use vmbr2 as the network for my VM.

# /etc/network/interfaces:
auto vmbr2
iface vmbr2 inet static
address 10.21.21.254
netmask 255.255.255.0
bridge_ports none
bridge_stp off
bridge_fd 0
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '10.21.21.0/24' -o vmbr0 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '10.21.21.0/24' -o vmbr0 -j MASQUERADE
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 2222 -j DNAT --to 10.21.21.5:22
post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 2222 -j DNAT --to 10.21.21.5:22
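
Added example, not part of any post in this thread: a small Python check (`lint` and `opt` are hypothetical helper names) that compares an ifupdown NAT bridge stanza with the guest's IP settings, run on a constructed reduction of the first post's config and the guest values given there. It also reports a port forward that has no `-s` source restriction, a check added here that the thread itself does not discuss.

```python
import ipaddress
import re

# Constructed sample: the first post's eth0/vmbr2 stanzas, reduced to the relevant lines.
SAMPLE = """\
iface eth0 inet static
address 144.xx.xx.55
gateway 144.xx.xx.33

iface vmbr2 inet static
address 10.21.21.254
netmask 255.255.255.0
post-up iptables -t nat -A POSTROUTING -s '10.21.21.0/24' -o vmbr0 -j MASQUERADE
post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 2222 -j DNAT --to 10.21.21.5:3389
"""

def opt(flag, rule):
    """Value of a short iptables option such as -i, -o or -s, or None."""
    m = re.search(rf"(?<!\S){flag} (\S+)", rule)
    return m.group(1) if m else None

def lint(text, vm_ip, vm_gw):
    """Findings for an ifupdown NAT bridge and one guest (hypothetical helper)."""
    iface, uplink, cfg, rules, out = None, None, {}, [], []
    for w in (l.split() for l in text.splitlines() if l.split()):
        if w[0] == "iface":
            iface = w[1]
        elif w[0] in ("address", "netmask"):
            cfg.setdefault((iface, w[0]), w[1])
        elif w[0] == "gateway" and uplink is None:
            uplink = iface  # interface that holds the default route
        elif w[0] == "post-up" and "iptables" in w:
            rules.append((iface, " ".join(w)))
    for br, rule in rules:
        net = ipaddress.ip_network(f"{cfg[br, 'address']}/{cfg[br, 'netmask']}", strict=False)
        if vm_gw != cfg[br, "address"]:
            out.append(f"guest gateway {vm_gw} is not the bridge address {cfg[br, 'address']}")
        for flag in ("-i", "-o"):
            if opt(flag, rule) not in (None, uplink):
                out.append(f"rule matches {flag} {opt(flag, rule)}, but the default route is on {uplink}")
        dnat = re.search(r"-j DNAT --to(?:-destination)? ([\d.]+):(\d+)", rule)
        if dnat:
            if ipaddress.ip_address(dnat.group(1)) not in net:
                out.append(f"DNAT target {dnat.group(1)} is outside {net}")
            if dnat.group(1) != vm_ip:
                out.append(f"DNAT target {dnat.group(1)} is not the guest address {vm_ip}")
            if opt("-s", rule) is None:
                out.append(f"forward to port {dnat.group(2)} accepts any source address (no -s)")
    return list(dict.fromkeys(out))  # drop repeats, keep order
```

Calling `lint(SAMPLE, "10.21.21.2", "10.21.21.1")` returns five findings. A stanza that uses eth0 for `-i`/`-o`, a guest at 10.21.21.5 with gateway 10.21.21.254, and a `-s` source on the forward returns none.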
 
